vulnerability

(get it in RSS or Atom)

Apple rushes out iTunes 11.2.1 - fixes giant permissions hole

itunes-250

Did you just download the quarter-gigabyte iTunes 11.2 update for your Mac?

If so, consider it a practice run: you need to do it all over again...

SSCC 147 - Why Snapchat will have to tell you the truth about security now [PODCAST]

sscc-147-250

As usual, Chester Wisniewski and Paul Ducklin turn their insightful and entertaining gaze on the security lessons we can learn from the past few days.

Give it a listen - it's our weekly quarter-hour security podcast...

Linux "got root" kernel bug patched after five years at large

bug-250

Here's a kernel bug in Linux that turned out to have been sitting there, Heartbleed style, awaiting discovery and exploitation for several years.

Paul Ducklin digs in...

Patch Tuesday wrap-up, May 2014 - Adobe and Microsoft both patch multiple remotable holes

istock_patchtuesday250

Patch Tuesday updates from both Microsoft and Adobe are out.

There aren't any huge surprises this month, but both companies have critical patches for remote code execution holes...

"Open the iPhone door, Siri!" - Apple's digital helper coughs up another lock screen hole

iphone-5-lock-screen-250

A hacker has found a way to bypass the iPhone 5 lock screen to get at your contacts. Ironically, he got in by asking Siri, Apple's voice-activated "helper."

Here's how to close the hole while you wait for Apple's fix...

Patch Tuesday for May 2014 - 8 bulletins, 2 critical, 0/zero/zilch/zip for XP

pt-may-2014-250

A quick note to remind you that tomorrow is Patch Tuesday.

The scorecard is "2 from 8", with eight security bulletins due, two of which are rated "Critical."

XP? Not a sausage...

Is Apple finally getting real about security? 60 Sec Security [VIDEO]

2014-05-10-thumb-0250

Where does the data breach buck stop? Why do they call them "secret" links? And is Apple finally getting real about security?

Find out in "60 Second Security" for 10 May 2014

Monday review - the hot 17 stories of the week

dow-250

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Microsoft and Adobe have 0-days, AOL breached, and we win an award! 60 Sec Security [VIDEO]

2014-03-05-thumb-0250

Are two zero-days better than one? What happened to AOL's user database? And is that another award that Naked Security just won?

Find out in 60 Sec Security for 03 May 2014...

That was quick! Microsoft patches the "1776" hole in Internet Explorer

1776-250

The Internet Explorer zero-day bug that made the headlines a few days ago went by the nerdy name of CVE-2014-1776.

The good news? No need to wait until next Patch Tuesday for a fix - Microsoft has issued one already.

Firefox 29 is out - it's more secure, but does it *look* better, too?

ff-250

Firefox 29 is out, in accordance with Mozilla's regular Tuesday-based 42 day update cycle.

There are numerous security fixes combined with some rather in-your-face visual changes...

Not to be outdone by Microsoft, Adobe announces zero-day exploit patch for Flash

flash-250

Hot on the heels of Microsoft's IE zero-day announcement comes an Adobe bulletin about a zero-day in Flash.

(No, they're *not* related, even though the current IE exploits use a Flash file to kick things off.)

Microsoft acknowledges "in the wild" Internet Explorer zero-day

ie-11-250

Microsoft has published a security advisory of the heart-dropping sort.

An "in the wild" exploit has been spotted that can cause RCE, or remote code execution, in Internet Explorer.

Paul Ducklin gives some tips for mitigating the risk...

Apple pushes out critical security fixes for OS X, iOS and Apple TV

apple-upd-250

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

No Heartbleed holes in Java, but here comes a sea of patches anyway

hb-no-250

Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Patch Tuesday for April 2014 - it's Goodbye, Farewell and Amen for Windows XP

pt-2014-04-250

The date's been in our diaries since 2007.

But even with seven years to prepare for it, you'll be forgiven for approaching the April 2014 Patch Tuesday with a bit of a lump in your throat.

Adieu, XP.

Apple patch out, Fake support bust, Liquor store leak - 60 Sec Security [VIDEO]

2014-04-05-justice-250

How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?

Find out in 60 Second Security. the security news video that only takes a minute...

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

safari-250

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the lates OS X Safari browser update, patching 27 vulnerabilities.

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

sscc-141-thumb-250

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity....

Take a listen to the latest episode of our weekly quarter-hour podcast!

Microsoft issues alert for Word zero-day - booby-trapped RTF files already used in attacks

wordhazard-250

Booby-trapped RTF files have been found in the wild, exploiting a zero-day hole in Microsoft Word.

Microsoft has issued an alert.

Paul Ducklin gives you four tips for long-term safety against this sort of attack...